Archive (Tag: PHI)
How Does our Office Keep you Anonymous?
The Commissioner publicly posts review and investigation reports regarding a variety of matters involving applicants and complainants. As much as possible, our office tries to conceal their identities. Our office also recognizes that there are times when it is warranted to conceal the identity of someone other than an applicant or a complainant. De-identification is... read more
Data Residency Outside Canada for Trustees
Trustees often ask our office about the use of an information management service provider (IMSP) to manage personal health information. Some want to know about using IMSPs linked to companies outside Canada. Once personal health information leaves Canada, it becomes subject to the laws of the country where it resides. If an individual’s personal health... read more
Privacy Audits (updated)
Your organization has undertaken a privacy impact assessment (PIA) as part of its process of designing and implementing a new program. So, what’s next? Once the new program has gone live, your organization should plan regular privacy audits to ensure that the program is operating in a manner that complies with applicable access and privacy... read more
Collection/Disclosure; A Two-Step Analysis (updated)
When personal information or personal health information (information) is shared by one public body with another, the issue arises as to who has the authority to disclose and who has the authority to collect. Many collections of information happen when you or I visit a public body, apply for a service or benefit and fill... read more